Deploy WSUS and manage clients without Active Directory

You may have a small group of Windows computers in Workgroup setup because you do not have or plan to have full Active Directory for this small group of Windows computers. You still would like to manage their state of patching and do not spend too much, you would like to use the free Microsoft patching solution WSUS.

Good news is that this is possible to enroll Windows computers into WSUS without need of Active Directory and you can manage the patching for this small group of computers.

Here is my Batch script that will modify registry and add the desired settings to point to WSUS and enroll the computers into specific TARGET group “TEAM-1”. Before you run in on your Windows 7 or Windows 8.x computer make sure to change the WSUS IP address and rename the TARGET group to your desired TargetGroup Name.

The script will modify the registry on the target computer and point and enroll the computer into WSUS server. In case you want to remove the computer from this and remove the settings here is the WSUS-remove.bat file for your use so you can put all back as it was before.

Once your run WSUS-remove.bat – it will modify the registry on computer and remove all the settings that were used to enroll the computer into WSUS. All settings will be back as before and you can continued patching your system via MS Update manually or whatever way you have used before.

Here is some reference link on the Registry settings used in the script and what they mean – KB933844